SecurityScorecard
SecurityScorecard is a security rating services tool. You can bring company and security data from SecurityScorecard into Brinqa to gain insights into your cybersecurity posture and manage risks more effectively.
This document details the information you must provide for the connector to authenticate with SecurityScorecard and how to obtain that information from SecurityScorecard. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select SecurityScorecard from the Connector drop-down. You must provide the following information to authenticate SecurityScorecard with Brinqa:
-
API URL: The SecurityScorecard API Server URL. The default URL is
https://api.securityscorecard.io. -
API key: The API token associated with the SecurityScorecard account, which must have permissions to log in to the API server and return data.
Generate a SecurityScorecard API key
For the SecurityScorecard connector to retrieve data from the SecurityScorecard REST API, you must provide an API key. To do so, follow these steps:
-
Log in to your organization's SecurityScorecard portal as an administrator.
-
Click your profile photo in the top-right corner and in the drop-down, click My Settings.
-
Click API and then click Generate New API Token.
-
Click Confirm.
Your new API key displays. You can't view the key again after this. Copy and save it to a secure location.
If you do not have permissions to generate a key, contact your SecurityScorecard administrator. For additional information, see SecurityScorecard documentation.
(Optional) Create a SecurityScorecard Bot user
In addition to using an API key tied to an existing user, you can also create a "Bot User" (also known as a service account) in SecurityScorecard. This account is specifically designed to access the SecurityScorecard API and retrieve data. For additional information, see SecurityScorecard documentation.
Types of data to retrieve
The SecurityScorecard connector can retrieve the following types of data from the SecurityScorecard REST API:
Table 1: Data retrieved from SecurityScorecard
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Company | Yes | Site |
| Issue | Yes | Violation |
| Issue Type | Yes | Violation Definition |
The SecurityScorecard connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from SecurityScorecard in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Company
Table 2: Company attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ADDED_DATE | sourceCreatedDate |
| DOMAIN | Local variable |
| GRADE | Local variable |
| INDUSTRY | Local variable |
| LAST_30_DAYS_SCORE_CHANGE | Local variable |
| NAME | name |
| SCORE | Local variable |
| SIZE | Local variable |
| SYS_ID | uid |
Issue
Table 3: Issue attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ANALYSIS | Local variable |
| ANALYSIS_DESCRIPTION | Local variable |
| ASSETS | Local variable |
| BANNER | Local variable |
| BROWSER | Local variable |
| COMPANY_ID | targets |
| COOKIE_NAME | Local variable |
| DESCRIPTION | description |
| DEST_IP | Local variable |
| DOMAIN | Local variable |
| EVIDENCE | Local variable |
| FINAL_URL | Local variable |
| FIRST_SEEN | firstSeen |
| FULL_NAME | name |
| HOST_NAME | Local variable |
| INITIAL_URL | Local variable |
| IP_ADDRESS | ipAddresses |
| LAST_SEEN | lastSeen |
| MALWARE_DETECTION_METHOD | Local variable |
| MALWARE_FAMILY | Local variable |
| PORTS | Local variable |
| PRE_SCAN_STATUS | Local variable |
| PRODUCT_LATEST_VERSION | Local variable |
| PRODUCT_MANUFACTURER | Local variable |
| PRODUCT_NAME | Local variable |
| PRODUCT_STATE_REF | Local variable |
| PRODUCT_STATE_STATUS | Local variable |
| PRODUCT_TYPE | Local variable |
| PRODUCT_VERSION | Local variable |
| RAW_COOKIE | Local variable |
| SCAN_STATUS | Local variable |
| SCHEME | Local variable |
| SERVICES | Local variable |
| SRC_IP | Local variable |
| STATE_EFFECTIVE_DATE | Local variable |
| SYS_ID | uid |
| TARGET | Local variable |
| URL | url, reference |
| USER_AGENT | Local variable |
| VULNERABILITY_DESCRIPTION | Local variable |
| VULNERABILITY_ID | Local variable |
| VULNERABILITY_PUBLISH_DATE | Local variable |
| VULNERABILITY_URL | Local variable |
| YEAR | Local variable |
Issue Type
Table 4: Issue Type attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| DESCRIPTION | description |
| FACTOR | name |
| RECOMMENDATION | recommendation |
| SEVERITY | severity |
| SUMMARY | summary |
| SYS_ID | uid, category |
| TITLE | title |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The SecurityScorecard connector uses the SecurityScorecard API. Specifically, it uses the following endpoints:
Table 5: SecurityScorecard API endpoints
| Connector Object | API Endpoints |
|---|---|
| Company | GET /companies/{company.domain}/factors |
GET /portfolios | |
GET /portfolios/{portfolioID}/companies | |
| Issue | GET /companies/{company.domain}/factors |
GET /companies/{company.domain}/issues/{factor.issueSummary.type} | |
GET /portfolios | |
GET /portfolios/{portfolioID}/companies | |
| Issue Type | GET /metadata/issue-types |
GET /metadata/issue-types/{issuetype.key} |
Changelog
The SecurityScorecard connector has undergone the following changes:
Table 6: SecurityScorecard connector changelog
| Version | Description |
|---|---|
| 3.0.0 | Initial Integration+ release. |